Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%HOMEPATH%\api-ms-win-secuC_2.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '84639553' = '%HOMEPATH%\api-ms-win-secuC_2.exe'
- from <Full path to file> to %HOMEPATH%\api-ms-win-secuc_2.exe
- http://ap#.##pmania.com/
- DNS ASK ap#.##pmania.com
- DNS ASK xb##.#allofduty.im